On Sat, 05 Aug 2006 05:55:11 -0000, Ian Hickson <[EMAIL PROTECTED]> wrote:
Given the sheer cost of getting security wrong, I'd rather that the security be right up there, and that the security-free implementations be non-conformant, than have the implementors not read the security section and therefore get it wrong. (Implementors read as little of the spec as they can get away with. In many cases, they read none of it and rely purely on the testcases. It sucks, but it's the way it is.)
I tend to agree, but I don't think this is very relevant for the specification at hand. Selectors API is a very simple and small specification and the security issues being pointed out in the separate section are hopefully widely known already. And if they're not it's not just Selectors API that's affected.
-- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
